Police have targeted key criminals in global ransomware operations which paralysed large corporations and infrastructure in 71 countries.
The operation focused on 12 “high-value” cybercriminals in Ukraine and Switzerland behind a range of ransomware, including LockerGoga, which severely damaged one of the world’s largest aluminium producers, Norsk Hydro.
The 12 were said to be behind attacks that left 1,800 victims in 71 countries, and are under investigation in a number of different jurisdictions, said the EU law enforcement agency Europol.
LockerGoga is also believed to have been used in an attack on French engineering consultancy Altran Technologies in January 2019.
Ransomware is a form of malicious software that locks computers until the victim pays a fee to the criminals. It remains enduringly popular for criminals, with companies continuing to pay to retrieve critical data.
Law enforcement officials have said that an increasing trend is to combine locking up computers with threats to release market-sensitive data online.
The police operation was launched in the early hours of October 26, and $52,000 in cash and five luxury vehicles were seized.
The 12 had different roles in “professional, highly organised” criminal organisations, said Europol.
The roles included plotting the attacks, carrying them out, penetrating companies’ computer networks and laundering the Bitcoin ransom payments.
Some of the attacks would have happened months before a ransom was demanded, said Europol.
The operation involved investigators from across the EU, the UK and the US, it added.